Spring Boot 3.3 中 OpenID 身份验证的重定向循环问题

问题描述 投票:0回答:1

我正在使用 Java 21 和 Spring Boot 3.3 开发 REST API,并且我正在尝试使用 OpenID 通过外部站点实现身份验证。但是,我在登录外部站点后遇到重定向循环。

以下是流程的简要概述:

1-我导航到 localhost:41448/schedule/{id}。

2- 我被重定向到 myExternalWebsite.com 并使用我的凭据成功登录。这部分工作正常!

3-我的 token-uri 上的 POST 主体良好,正常并返回响应 200 OK

4-我被重定向到我的重定向 URL (localhost:41448/redirect-uri),但似乎我的控制器从未到达。相反,我在网络选项卡中看到多个重定向。我有这个错误:ERR_TOO_MANY_REDIRECTS

过去一周我一直在努力解决这个问题,迷失在大量文档中(其中一些已经过时)。

如果您需要更多信息或细节,请随时询问!

提前感谢您的帮助!

这是我的 application.yml 配置:

security:
  oauth2:
    client:
      registration:
        esante:
          client-id: MyId
          client-secret: MyClientSecret
          scope: openid
          redirect-uri: "https://localhost:41448/redirect-uri"
          authorization-grant-type: authorization_code
          client-name: example
      provider:
        example:
          authorization-uri: https://myExternalWebsite.integration.fr/realms/sas/protocol/openid-connect/auth
          token-uri: https://myExternalWebsite.integration.fr/realms/sas/protocol/openid-connect/token
          user-info-uri: https://myExternalWebsite.integration.fr/realms/sas/protocol/openid-connect/userinfo
          issuer-uri: https://myExternalWebsite.integration.fr/realms/sas

这是我的安全配置:

@EnableWebSecurity
public class SecurityConfig {

  @Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeHttpRequests(
            authorizeRequests ->
                authorizeRequests
                    .requestMatchers("/redirect-uri")
                    .permitAll()
                    .anyRequest()
                    .authenticated()
            )
        .oauth2Login(
            oauth2Login ->
                oauth2Login
                    .loginPage("https://myExternalWebsite.integration.fr") // OAuth2 login page
                    .defaultSuccessUrl("/redirect-uri", true) // Redirect after login
            )
        .requiresChannel(
            channel ->
                channel.anyRequest().requiresSecure()
            );

    return http.build();
  }
}

这是我的跟踪(此日志重复很多次):

HTTP POST https://myExternalWebsite.integration.fr/realms/sas/protocol/openid-connect/token
Accept=[application/json, application/*+json]
Writing [{grant_type=[authorization_code], code=[{code_generate}], redirect_uri=[https://localhost:41448/redirect-uri]}] as "application/x-www-form-urlencoded;charset=UTF-8"
Response 200 OK
Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json"
HTTP POST https://myExternalWebsite.integration.fr/realms/sas/protocol/openid-connect/token
Accept=[application/json, application/*+json]
Writing [{grant_type=[authorization_code], code=[{code_generate}], redirect_uri=[https://localhost:41448/redirect-uri]}] as "application/x-www-form-urlencoded;charset=UTF-8"
Response 200 OK
Reading to [org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse] as "application/json"
java spring-boot spring-security openid-connect openid
1个回答
0
投票

我的问题出在SecurityConfiguration和redirect-uri上。

将redirect-uri链接到我自己的rest控制器是一个很大的错误,所以现在我的redirect-uri是{baseUrl}/login/oauth2/code/{registrationId}

还有SecurityConfig

@Bean
  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http.authorizeRequests(
            authorizeRequests ->
                authorizeRequests.antMatchers("/").permitAll().anyRequest().authenticated())
        .oauth2Login(
            oauth2Login ->
                oauth2Login
                    .loginPage("https://myExternalWebsite.integration.fr")
                    .successHandler(customAuthenticationSuccessHandler())
                    .failureHandler(customAuthenticationFailureHandler())
            );
    return http.build();
  }
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.